The server can also advertise a public name that doesn't match any domain it has a TLS certificate for, like example.com or nsa.gov.

I'm not 100% sure it's allowed in the specs, but it works in Chrome.

As I understand it, without this feature it would be pretty useless for small website owners, since they would need to register a separate domain for their ECH public name, which censors could just block.